A host (e.g., a networked computer) can be attacked by a remote system (e.g., another networked computer, terminal, host, etc.) at various host services such as applications, processes, and routines. Attacks can include viruses, hacking, denial of service attacks, data corruption, and other destructive or exploitive measures. Host services can include processes, applications, or other routines/programs that use an external port to exchange data with a remote system. Conventional security measures vary, ranging from personal firewall software to behavior blocking techniques. Typically, such security measures may include behavior blocking, hardening, securing and other security-related techniques. However, conventional security measures can burden host performance and resources. For example, traditional firewall software can indiscriminately apply security measures to all host services, degrading both performance and available system resources, such as memory and processor availability. Alternatively, less comprehensive security measures can protect certain services, but often exclude others and cannot dynamically provide protection as needed.
A host may have vulnerabilities that can be exploited by a remote system. Using a network connection, a remote system can gain unauthorized access to a host over an external port. Host services and processes “listening” on external ports (external applications) can be exploited directly or inadvertently permit the exploitation of internal host services that are using an external application. External applications can act as a gateway for remote systems to gain access to other host services that do not directly communicate over an external port.
If a remote system gains access to a port on a host, it can exploit services listening on the port, illicitly retrieving, corrupting, copying, or destroying data and services on the host. However, given the limited resources and performance expectations of a host, security measures to guard against these attacks cannot be universally applied to all host services. In other words, conventional solutions cannot protect a host without degrading system performance or substantially burdening storage and computing resources.
Thus, there is a need for a solution whereby security measures can be applied to both internal and external applications on a host and minimize the overall burden on the system. There is also a need for a solution whereby the application of security measures can be prioritized to protect external applications from remote attacks as well as other processes that externally communicate indirectly using external applications.